What am I missing here? My traffic is hitting my WAN address, but is not hitting the LAN. First of all, this is on an old 90D that I am playing with, so it's on its highest release of 6.0.18
I am trying to hit a server inside my network from the outside. My ISP router is outside the Firewall, and has all ports Port Forwarded. I can see the traffic hit my Firewall
Spirit-FW # diag sniffer pack any "port 22" 4 0 a
But it won't hit my inside LAN. I have a fully open Any Src / Any Dst / All services rule in place
I have a Virtual IP for 192.168.1.17 --> 10.10.5.100 (TCP: 22 --> 22)
Doing a Packet Capture too confirms the traffic to the WAN, but it never hits the LAN Interface
I'm sure that this is something stupidly simple that I am overlooking :(
Thanks in advance
@championc1 Kindly make sure that there is a firewall policy from WAN to LAN with destination as VIP.
Please refer to the following document
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...
In case the issue persists, kindly provide the following debugs
diagnose debug enable
diagnose debug flow filter addr 192.168.1.17
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
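The VIP and the WAN-to-LAN policy that the reply above describes, written out as FortiOS CLI configuration. This is an added example, not part of the original posts: the addresses and port are the ones given in the question, while the interface names `wan1` and `internal` and the object names `ssh-vip` and `wan-to-ssh` are assumptions to be replaced with the names on the actual unit.

```fortios
config firewall vip
    edit "ssh-vip"
        set comment "Added example: extintf wan1 is an assumed interface name"
        set extintf "wan1"
        set extip 192.168.1.17
        set mappedip "10.10.5.100"
        set portforward enable
        set protocol tcp
        set extport 22
        set mappedport 22
    next
end

config firewall policy
    edit 0
        set name "wan-to-ssh"
        set comments "Added example: wan1 and internal are assumed interface names"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "ssh-vip"
        set action accept
        set schedule "always"
        set service "SSH"
    next
end
```

The policy's `dstaddr` is the VIP object itself rather than `all` or the mapped address, and `srcaddr "all"` can be narrowed to the known source addresses once the forward is confirmed working.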